Details

Description

When trying to open Robot Framework log (or report) I get an error in my browser:
"...
Opening Robot Framework log failed

Verify that you have JavaScript enabled in your browser.
Make sure you are using a modern enough browser. Firefox 3.5, IE 8, or equivalent is required, newer browsers are recommended.
Check are there messages in your browser's JavaScript error log. Please report the problem if you suspect you have encountered a bug.
..."

Daniel Beck
added a comment - 2015-12-31 16:02 This is likely a result of the security content in Jenkins 1.625.3 and 1.641:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy

Bob Lafortune
added a comment - 2016-01-04 15:50 Has suggested by the links provided, I was able to get around the issue by adding:
java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war
In my service startup file.

Thank you selur vedu, your work around works for me. But I always get nervous disabling security features, even for private sites behind a firewall. Is there a better long term solution for this issues, will the robot framework people need to be involved?

Blake MItchell
added a comment - 2016-04-08 17:06 Thank you selur vedu , your work around works for me. But I always get nervous disabling security features, even for private sites behind a firewall. Is there a better long term solution for this issues, will the robot framework people need to be involved?

Tarik Remous As this undermines an important security feature, it cannot be more than a short to medium term workaround until the plugin is adapted in some way to handle it. Please reconsider your stance.

Daniel Beck
added a comment - 2016-05-10 08:36 Tarik Remous As this undermines an important security feature, it cannot be more than a short to medium term workaround until the plugin is adapted in some way to handle it. Please reconsider your stance.

I just updated my answer, in essence, I added allow-same-origin after sandbox allow-scripts. That is needed to make report.html work properly in Chromium-based browsers (no test cases were shown in report.html). I think this should be in Tarik Remous's answer as well.

selur vedu
added a comment - 2016-05-10 18:09 I just updated my answer, in essence, I added allow-same-origin after sandbox allow-scripts . That is needed to make report.html work properly in Chromium-based browsers (no test cases were shown in report.html). I think this should be in Tarik Remous 's answer as well.

This issue is impacting the OpenDaylight project, from what I see here the proposed solutions are temporary workarounds that btw did not work in our environment. So any plan to fix this in the robot-plugin code?

Luis Gomez
added a comment - 2016-06-10 23:30 This issue is impacting the OpenDaylight project, from what I see here the proposed solutions are temporary workarounds that btw did not work in our environment. So any plan to fix this in the robot-plugin code?

While archiving HTML reports and serving them verbatim is still (and will remain) a flawed approach for Jenkins, this is at least an improvement over the current implementation (with CSP having to be disabled on the Jenkins side).

Daniel Beck
added a comment - 2016-08-28 16:30 Tarik Remous FYI I have a work in progress library plugin that has already been incorporated in Cucumber Reports Plugin to make it work. You may be able to adapt that approach for your plugin.
https://github.com/daniel-beck/jenkins-checksum-archive-demo-plugin
https://github.com/jenkinsci/cucumber-reports-plugin/pull/66
While archiving HTML reports and serving them verbatim is still (and will remain) a flawed approach for Jenkins, this is at least an improvement over the current implementation (with CSP having to be disabled on the Jenkins side).

Verify that you have JavaScript enabled in your browser.
Make sure you are using a modern enough browser. Firefox 3.5, IE 8, or equivalent is required, newer browsers are recommended.
Check are there messages in your browser's JavaScript error log. Please report the problem if you suspect you have encountered a bug.

Ed Sherwin Nonog
added a comment - 2016-09-19 07:33 Hi everyone, any solution on this problem? Thanks
Opening Robot Framework log failed
Verify that you have JavaScript enabled in your browser.
Make sure you are using a modern enough browser. Firefox 3.5, IE 8, or equivalent is required, newer browsers are recommended.
Check are there messages in your browser's JavaScript error log. Please report the problem if you suspect you have encountered a bug.

I've been using SCP plugin to publish the resulting log.html out to a directory I can grab it from. Sort of a way of dealing with this. However it would be extremely nice to be able to have this working without a work around. Is there any update on this?

Alec Matschiner
added a comment - 2016-12-09 21:41 I've been using SCP plugin to publish the resulting log.html out to a directory I can grab it from. Sort of a way of dealing with this. However it would be extremely nice to be able to have this working without a work around. Is there any update on this?

Aaron Wang
added a comment - 2017-03-09 18:19 Thanks for replying Cristian Uroz , this seems to be the method for Windows based Jenkins I guess, since I cannot find the jenkins.xml file any where. I'm using Ubuntu based Jenkins. I found the solution here: http://askubuntu.com/questions/770526/configure-jenkins-csp-for-ubuntu-service

ming chang you will need to execute that command every time Jenkins restarts. To have Jenkins automatically apply this, get your Jenkins administrator to add a disable_content_security_policy.groovy file under ${JENKINS_HOME}/init.groovy.d with contents similar to the following:

Bassam Khouri
added a comment - 2017-10-02 18:08 ming chang you will need to execute that command every time Jenkins restarts. To have Jenkins automatically apply this, get your Jenkins administrator to add a disable_content_security_policy.groovy file under ${JENKINS_HOME}/init.groovy.d with contents similar to the following:
https://github.com/bkhouri/jenkins_support/blob/master/init.groovy.d/disable_content_security_policy.groovy
Can we mark this JIRA as critical as having to circumvent Jenkins CSP is not ideal.

Bassam Khouri
added a comment - 2017-10-02 18:10 Jenkins implemented CSP for valid security reasons. So I'm changing the priority from Major to Critical as the ideal of circumventing CSP is alot less than ideal.

Subodh Agnihotri
added a comment - 2018-04-24 13:57 Still facing the issue in Jenkins ver. 2.107.2 for opening report.html of Robot framework.
Log.html file is coming after workaround suggested, but report.html still displays the same error